CVE-2019-7663

Source
Severity Medium
Remote Yes
Type Denial of service
Description
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file.
Group Package Affected Fixed Severity Status Ticket
AVG-886 libtiff 4.0.10-1 4.0.10-2 Medium Vulnerable
References
https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
https://gitlab.com/libtiff/libtiff/merge_requests/60
Notes
This is different from CVE-2018-12900.